Verification of Electronic Signatures

1. A method of verifying an electronic signature associated with and signing an electronic document, the method comprising: receiving the electronic signature, the electronic signature comprising a signature value generated by a signer, a plurality of timestamps, and a certificate chain, wherein the electronic document comprises content data, wherein the signature value comprises an encryption by the signer's private key of a digest of the content data, wherein each timestamp comprises an encryption by a timestamp authority's private key of both a time value and a digest of the signature value, the timestamp therefore including an encrypted time value encrypted by the timestamp authority's private key, and wherein the certificate chain comprises certificates, a certificate comprising an encryption, by a private key of a certificate authority, of identity information corresponding to the signer and of the signer's public key; determining that one or more certificates in the certificate chain are invalid; determining an earliest invalidity time of the one or more invalid certificates; verifying the timestamps associated with the electronic signature, the encrypted time value of each timestamp represents a time when the corresponding timestamp authority verified the electronic signature by: decrypting the digest of the content data using the signer's public key, computing a digest of the content data, and comparing the decrypted digest with the computed digest; accessing the time value of each of the timestamps to identify the earliest valid timestamp; and declaring the electronic signature as valid if the time value of the earliest valid timestamp is earlier than the earliest invalidity time value of the one or more invalid certificates.

2. The method of claim 1 wherein the electronic signature further comprises a plurality of countersignatures and the method further comprising: verifying the plurality of countersignatures associated with the electronic signature, and declaring the electronic signature as valid if all of the countersignatures are determined to be valid and the time value of the earliest valid timestamp is earlier than the earliest invalidity time value of the one or more invalid certificates.

3. The method of claim 1 wherein one or more of the countersignatures are certified by respective certificate chains comprised of one or more certificates, a certificate comprising an encryption, by a private key of a certificate authority, of identity information corresponding to a countersigner and of a public key of the countersigner, and the operation of verifying the countersignatures comprises: verifying the certificates that certify a countersignature; and determining the countersignature to be valid if the one or more certificates in its chain are determined to be valid.

4. The method of claim 1 further comprising: verifying the certificates in the certificate chain of the electronic signature, wherein a certificate is considered invalid if a certificate in the certificate chain is determined to be expired or revoked.

5. The method of claim 1 wherein an invalidity time of an invalid certificate represents a time after a validity period of the invalid certificate.

6. The method of claim 1 wherein an invalidity time of an invalid certificate represents a time at which the invalid certificate was revoked.

7. The method of claim 1 wherein the timestamps are each certified by a chain of one or more certificates and the operation of verifying the timestamps comprises: determining whether each certificate of a timestamp is expired or revoked, wherein a timestamp is considered invalid if a certificate in its chain is expired or revoked.

8. The method of claim 1 wherein the timestamps are each certified by a chain of one or more certificates and the operation of verifying the timestamps comprises: verifying the certificates that certify the timestamps; and determining a timestamp to be valid if the one or more certificates in its chain are determined to be valid.

9. A method of verifying an electronic signature of a document, the method comprising: receiving the electronic signature, the electronic signature including a signature value generated by a signer of the electronic document, where the electronic document is comprised of content data, the signer having a public key and a private key, the electronic signature comprising the signature value and a plurality of countersignatures, wherein the signature value comprises an encryption by the signer's private key of a digest of the content data, the signature value therefore includes an encrypted time value encrypted by the timestamp authority's private key, wherein each countersignature comprises an encryption by a countersigner's private key of a digest of the signature value; identifying, from among signed timestamps included in the electronic signature, an earliest valid timestamp, each signed timestamp including a signed time value signed by a private key of a timestamp authority, wherein each timestamp represents a time when the corresponding timestamp authority verified the electronic signature by: decrypting the digest of the content data using the signer's public key, computing a digest of the content data, and comparing the decrypted digest with the computed digest; verifying validity of the plurality of countersignatures included as part of the electronic signature; identifying the earliest valid signed timestamp; and issuing a declaration of an earliest time of validity of the electronic signature if all of the countersignatures are determined to be valid, where the declared earliest time of validity of the digital signature is set to a time value of the identified earliest valid signed timestamp.

10. The method of claim 9 wherein one or more of the countersignatures are certified by a chain of one or more certificates and the operation of verifying the countersignatures comprises: verifying the certificates that certify the countersignatures; and determining a countersignature to be valid if the one or more certificates in its chain are determined to be valid.

11. The method of claim 9 further comprising: verifying the certificates in the certificate chain of the electronic signature, wherein a certificate is considered invalid if a certificate in the certificate chain is expired or revoked.

12. The method of claim 9 wherein the electronic signature includes an electronic signature value provided by a signer and further comprising verifying the electronic signature value using a public key of the signer.

13. A computer-readable medium having computer-executable instructions for performing a computer process that implements the operations recited in claim 9 .

14. A system comprised of one or more processors and memory of corresponding one or more computers for verifying an electronic signature associated with and signing an electronic document, the system comprising: a receiving module stored by the memory and executed by the one or more processors, the receiving module receiving the electronic signature, the electronic signature comprising a signature value generated by a signer of the electronic document, the signer having a public key and a private key, a plurality of timestamps, and a certificate chain, wherein the electronic document comprises content data, wherein the signature value comprises an encryption by the signer's private key of a digest of the content data, wherein each timestamp comprises an encryption by a timestamp authority's private key of both a time value and a digest of the signature value, each timestamp therefore including an encrypted time value, and wherein the certificate chain comprises certificates, a certificate comprising an encryption, by a private key of a certificate authority, of identity information corresponding to the signer and of the signer's public keys; a timestamp verification module stored by the memory and executed by the one or more processors, where the timestamp verification module determines that one or more certificates in the certificate chain are invalid, stores an earliest invalidity time value of the one or more invalid certificates, verifies the timestamps associated with the electronic signature, looks for the earliest valid timestamp according to their time values, and records the time value of the earliest valid timestamp, wherein each timestamp represents a time when the corresponding timestamp authority verified the electronic signature by: decrypting the digest of the content data using the signer's public key, computing a digest of the content data, and comparing the decrypted digest with the computed digest; and a declaration module stored by the memory and executed by the one or more processors, where the declaration module declares the electronic signature as valid if the time value of the earliest valid timestamp is earlier than the earliest invalidity time value of the one or more invalid certificates.

15. The system of claim 14 wherein the electronic signature is associated with a plurality of countersignatures and further comprising: a countersignature verification module that verifies the plurality of countersignatures associated with the electronic signature, wherein the declaration module declares the electronic signature as valid if all of the countersignatures are further determined to be valid.

16. The system of claim 15 wherein one or more of the countersignatures are certified by a chain of one or more certificates and the countersignature verification module further verifies the certificates that certify the countersignatures and determines a countersignature to be valid if the one or more certificates in its chain are determined to be valid.

17. The system of claim 14 further comprising: an electronic signature verification module that verifies the certificates in the certificate chain of the electronic signature, wherein a certificate is considered invalid if a certificate in the certificate chain is expired or revoked.

18. The system of claim 14 wherein the electronic signature includes an electronic signature value provided by a signer and further comprising an electronic signature verification module that verifies the electronic signature value using a public key of the signer.